06/06/2017

What Are the Challenges and Benefits of Using S/MIME to Secure Emails?

by Dena Bauckman

S/MIME is an internet standard (RFC 5751) for securely sending and receiving email. It ensures confidentiality (no one but the sender and recipient can read the message), integrity (verification that the content was not altered during transit) and authentication (assurance that the sender and recipient are who they say they are). S/MIME is supported by most email systems today, but it is still rarely implemented, even in email encryption solutions. Why is that?

S/MIME uses public key encryption, which requires the sender and recipient to each have an S/MIME certificate. In order to send an encrypted email using S/MIME, you must first get the recipient's S/MIME certificate, and they will need yours to encrypt messages to you. If you only need to send encrypted emails with one or two organizations, this may not be a problem. But as the number increases, managing S/MIME certificates becomes a significant investment of internal resources.

Still if you can resolve the certificate management issue, there are huge benefits to using S/MIME. For example, when compared to using TLS, and especially opportunistic TLS, S/MIME is not susceptible to man-in-the-middle attacks. TLS provides an encrypted “tunnel” through which email is sent. As a result, if not set up properly, an attacker can get in the middle of a TLS connection and decrypt email communication. S/MIME on the other hand is not an encrypted tunnel but instead actually encrypts the email message itself. Since the email is encrypted, it does not matter if there is a man in the middle. The content is protected until it reaches the intended recipient.

Another benefit of S/MIME is the ability to automatically encrypt and decrypt emails for users. If you have a way to easily manage the exchange of S/MIME certificates, then it is possible to provide an email encryption solution that makes the process of encrypting and decrypting emails easy and even transparent to the users. This addresses the biggest issues companies have when they implement email encryption – users complain about the complexity and extra steps required to exchange encrypted email.

Over the years, Zix has focused on two critical but often conflicting priorities for its email encryption solution; ease of use and security. Our S/MIME implementation uses strong encryption for confidentiality, integrity and authentication, and because security is a top priority, Zix S/MIME encryption is used as the first method of encryption in our Best Method of Delivery. Zix also offers the industry’s only centralized S/MIME certificate management that automates the exchange of the certificates between customers. This enables us to automatically encrypt all email communication between our customers so that it is transparent to both senders and recipients. Using S/MIME, we uniquely provide customers with both strong security and ease of use.

To see how our email encryption works, click here for a solutions demo.